If you are accessing a secure site (https://) that works fine in your browser and doesn't give you any authentication warnings, then try setting the ciphers property of the HTTPClient#ssl_config instance to 'ALL'. Specifically,

If that fixes the problem, then find the default value of @ciphers within your local /path/to/httpclient-2.1.2/lib/httpclient.rb file and adjust it to a less insecure value in your code. For example, line 162 of my /usr/local/lib/ruby/gems/1.8/gems/httpclient-2.1.2/lib/httpclient.rb is

@ciphers = "ALL:!ADH:!LOW:!EXP:!MD5:+SSLv2:@STRENGTH"

After verifying that setting client.ssl_config.ciphers = 'ALL' fixed the problem, I experimented with the default setting above and found that leaving off only the ":!MD5" option from the cipher string fixed the problem, without sacrificing any additional security:

Presumably the author of httpclient disabled cipher suites that use MD5 due to the discovery of its weaknesses over the past decade. However, if the website you are connecting to offers no other option, and the security risk is worth the value obtained in the transmissions, then this is how to enable it.
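Before widening the cipher string, it helps to see exactly which suites the change re-enables on your machine. The following is an added example, not code from the original post or from httpclient: it uses only Ruby's standard openssl library to expand the cipher strings quoted above and list what each alternative adds beyond the default. The weak_reasons helper classifies suites by name, which is an assumption of this example, and the output depends on the local OpenSSL build (recent builds may no longer ship MD5 suites at all, in which case the list is empty).

```ruby
require "openssl"

# Cipher strings from the post: httpclient 2.1.2's default, the same string
# with "!MD5" left off, and the diagnostic catch-all.
DEFAULT   = "ALL:!ADH:!LOW:!EXP:!MD5:+SSLv2:@STRENGTH"
WITH_MD5  = "ALL:!ADH:!LOW:!EXP:+SSLv2:@STRENGTH"
CATCH_ALL = "ALL"

# Expand a cipher string into suite names using the local OpenSSL build.
def expand(cipher_string)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.ciphers = cipher_string
  ctx.ciphers.map { |name, *_rest| name }
end

# Suites offered under `candidate` that `baseline` would not have offered.
def newly_enabled(baseline, candidate)
  expand(candidate) - expand(baseline)
end

# Name-based heuristic (an assumption of this example, not an OpenSSL API):
# flag the properties the default string was written to exclude.
def weak_reasons(name)
  reasons = []
  reasons << "MD5 MAC" if name.include?("MD5")
  reasons << "anonymous key exchange" if name.start_with?("ADH-", "AECDH-") || name.include?("-ADH-")
  reasons << "export-grade" if name.start_with?("EXP-")
  reasons
end

# One line per newly enabled suite, with the reasons it was flagged.
def report(baseline, candidate)
  newly_enabled(baseline, candidate).map do |name|
    reasons = weak_reasons(name)
    "#{name}: #{reasons.empty? ? 'not flagged' : reasons.join(', ')}"
  end
end

if __FILE__ == $PROGRAM_NAME
  { "without !MD5" => WITH_MD5, "ALL" => CATCH_ALL }.each do |label, str|
    lines = report(DEFAULT, str)
    puts "#{label}: #{lines.size} suite(s) beyond the default"
    lines.each { |l| puts "  #{l}" }
  end
end
```

Anything listed under "ALL" as anonymous key exchange means the server is not authenticated at all, which is why 'ALL' is only suitable as a diagnostic step and not as the final setting.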

Solution #2

If you are accessing a secure site (https://) that you are the administrator of, and it doesn't have its SSL server certificate signed by a trusted certificate authority (CA), then you will need to sign it yourself and pass the CA's certificate (which carries its public key) to HTTPClient. Here's how to generate the server key, sign it, and pass it to HTTPClient:

The yoursite.example.com.pem needs to be installed in a secure location on the server, and the web server needs to be told where to find it. Copy the yoursite.example.com.crt file to your client machine. HTTPClient can use it via

This should fix the error, assuming this issue was the source of it. The "sslv3 alert handshake failure" is a rather generic error message, so it may well be caused by other issues not covered here.

Disclaimer: The above two recipes are not intended to guarantee security once implemented. In general, the only way to achieve security in a system is for the administrator to understand the underlying security protocols, and use these tools as appropriate. Bruce Schneier’s Applied Cryptography is a very good place to start.

I'm Nate Murray and this is a blog I've been writing since 2007.